infra/ansible-role-nextcloud
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update nginx config

Browse source
This commit is contained in:
nd 2023-09-02 01:14:40 +02:00 committed by Julian Rother
parent eb37e03c76
commit 381c65d5c2
No known key found for this signature in database
GPG key ID: 8F9B6AE9BAAE4899
1 changed files with 30 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

41
templates/nginx.j2
View file

@ -5,12 +5,14 @@ server {
root /usr/share/nextcloud; root /usr/share/nextcloud;
client_max_body_size {{ nextcloud.upload_size_max }}; client_max_body_size {{ nextcloud.upload_size_max }};
client_body_buffer_size 128k; client_body_buffer_size 512k;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
index index.php index.html /index.php$request_uri;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
@ -28,18 +30,18 @@ server {
return 301 https://$host/index.php$uri; return 301 https://$host/index.php$uri;
} }
location / { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
rewrite ^ /index.php;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
try_files $fastcgi_script_name =404; try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
@ -54,24 +56,41 @@ server {
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
location ~ \.(?:css|js|woff|svg|gif)$ { location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
location ~ \.wasm$ {
default_type application/wasm;
}
} }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
} }
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
} }